diff options
-rw-r--r-- | views/default/input/form.php | 5 | ||||
-rw-r--r-- | views/default/input/securitytoken.php | 20 |
2 files changed, 21 insertions, 4 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php index da666318d..a7ba8e45f 100644 --- a/views/default/input/form.php +++ b/views/default/input/form.php @@ -29,10 +29,7 @@ $security_header = ""; if ($vars['disable_security']!=true) { - $ts = time(); - $token = generate_action_token($ts); - $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token)); - $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts)); + $security_header = elgg_view('input/securitytoken'); } ?> <form <?php if ($id) { ?>id="<?php echo $id; ?>" <?php } ?> <?php if ($name) { ?>name="<?php echo $name; ?>" <?php } ?> action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>> diff --git a/views/default/input/securitytoken.php b/views/default/input/securitytoken.php new file mode 100644 index 000000000..b1461a2ce --- /dev/null +++ b/views/default/input/securitytoken.php @@ -0,0 +1,20 @@ +<?php + /** + * CSRF security token view for use with secure forms. + * + * It is still recommended that you use input/form. + * + * @package Elgg + * @subpackage Core + * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 + * @author Curverider Ltd + * @copyright Curverider Ltd 2008-2009 + * @link http://elgg.org/ + */ + + $ts = time(); + $token = generate_action_token($ts); + + echo elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token)); + echo elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts)); +?> |